Phishing is a huge threat and growing more widespread every year. In 2021 Tessian research found that employees receive an average of 14 malicious emails per year. Cisco’s 2021 Cybersecurity threat trends report suggests that at least one person clicked a phishing link in around 86% of organizations. The company’s data suggests that phishing accounts for around 90% of data breaches.
What is Phishing?
Phishing is often associated with emails that send a user to a fake website mimicking the look and feel of a legitimate business website; often a bank, a credit card company or an online shop. It’s even been done to mimic airline booking sites.
However, the emailing is just the beginning of the phishing process. Phishing is a process that involves planning, setting up, attacking and collecting data, with the result being identity theft and fraud.
When a person enters information into a fake website (for example, a company’s credit card details, name and address), that information is gathered by the attackers and may be used for several illegal activities online.
Often this involves simple online purchases and transactions made through different addresses, but in more serious cases it will involve identity theft and fraud.
Here are some ways to deal with the threat of phishing:
1. Security Awareness Training and Phishing Simulation Email Campaigns
To protect your business from phishing, CommSec managed IT security services provide you with anti-phishing hardware and software, which are designed to prevent phishing attacks because they can detect a fraudulent email or website even when users fail to do so. They protect your business by not allowing access to spurious emails and website links.
2. SOC as a Service
Our MSOC+ service is designed to give you the means to detect a phishing incident, and sets out the processes for how we respond to the incident as fast as possible to minimise the potential damage caused.
However, no IT security products are foolproof: user training and security awareness are still the best protection against phishing.
3. Advanced Email Solutions
Often Secure Email Gateways (SEGs) use filters to detect malicious or fake web domains as a first layer of protection from phishing. Some email security solutions include functions like link checking and validation in sandboxes to avoid users being served with malicious URLs contained inside emails, but even these URLs can be masked and redirected. New-generation email security solutions are using AI and machine learning to tell a spoofed email from a legitimate one.